Skip to main content

Incorrect Default Permissions

CVE-2020-12277

Severity Medium
Score 5/10

Summary

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

  • Published